From fb41fcc519c8658e242b32f1cecb89acab2c953d1870203516366e98c3a1bfac Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 28 Mar 2007 23:01:25 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wget?expand=0&rev=2 --- wget-CVE-2006-6719.patch | 16 ++++++++++++++++ wget.changes | 5 +++++ wget.spec | 12 ++++++++---- 3 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 wget-CVE-2006-6719.patch diff --git a/wget-CVE-2006-6719.patch b/wget-CVE-2006-6719.patch new file mode 100644 index 0000000..67c6c33 --- /dev/null +++ b/wget-CVE-2006-6719.patch @@ -0,0 +1,16 @@ +Fixes NULL pointer dereference (CVE-2006-6719) + +================================================================================ +--- src/ftp-basic.c ++++ src/ftp-basic.c +@@ -1039,7 +1039,9 @@ + first word of the server response)? */ + request = strtok (NULL, " "); + +- if (!strcasecmp (request, "VMS")) ++ if (request == NULL) ++ *server_type = ST_OTHER; ++ else if (!strcasecmp (request, "VMS")) + *server_type = ST_VMS; + else if (!strcasecmp (request, "UNIX")) + *server_type = ST_UNIX; diff --git a/wget.changes b/wget.changes index dac6d95..d445ab0 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 28 19:13:11 CEST 2007 - max@suse.de + +- Fixes a null pointer dereference (#231063, CVE-2006-6719) + ------------------------------------------------------------------- Thu Jun 22 14:53:07 CEST 2006 - max@suse.de diff --git a/wget.spec b/wget.spec index 47baf36..fd43378 100644 --- a/wget.spec +++ b/wget.spec @@ -1,7 +1,7 @@ # # spec file for package wget (Version 1.10.2) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -13,11 +13,11 @@ Name: wget BuildRequires: libpng-devel openssl-devel URL: http://wget.sunsite.dk/ -License: GPL +License: GNU General Public License (GPL) Group: Productivity/Networking/Web/Utilities Autoreqprov: on Version: 1.10.2 -Release: 15 +Release: 46 Summary: A Tool for Mirroring FTP and HTTP Servers Source: %name-%version.tar.bz2 Patch: nops_doc.diff @@ -28,6 +28,7 @@ Patch6: wget-1.10-fnmatch.diff Patch7: wget-1.10.1-strict-aliasing.diff Patch8: wget-ftp-restart.patch Patch9: wget-CAN-2004-1488.patch +Patch10: wget-CVE-2006-6719.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %install_info_prereq @@ -51,6 +52,7 @@ Authors: %patch7 -p1 %patch8 %patch9 +%patch10 rename no nb $RPM_BUILD_DIR/wget*/po/no.* %build @@ -91,7 +93,9 @@ rm -rf $RPM_BUILD_ROOT; %{_bindir}/* %{_datadir}/locale/*/*/* -%changelog -n wget +%changelog +* Wed Mar 28 2007 - max@suse.de +- Fixes a null pointer dereference (#231063, CVE-2006-6719) * Thu Jun 22 2006 - max@suse.de - Removed the unneeded fix for CAN-2004-1487 (bugs #179369 and #185214).